CVE-2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath() function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

References

Affected packages

Git / github.com/pcre2project/pcre2

Affected ranges

Type: GIT
Repo: https://github.com/pcre2project/pcre2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

50a51cb7e67268e6ad417eb07c9de9bfea5cc55a

Fixed

d4fa336fbcc388f89095b184ba6d99422cfc676c

Affected versions

pcre2-10.*

pcre2-10.38

pcre2-10.38-RC1

pcre2-10.39

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "source": "https://github.com/pcre2project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a",
        "deprecated": false,
        "target": {
            "function": "compile_xclass_matchingpath",
            "file": "src/pcre2_jit_compile.c"
        },
        "id": "CVE-2022-1586-2fd20eca",
        "signature_version": "v1",
        "digest": {
            "function_hash": "41300829383723252943297909714980710868",
            "length": 19889.0
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/pcre2project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a",
        "deprecated": false,
        "target": {
            "file": "src/pcre2_jit_test.c"
        },
        "id": "CVE-2022-1586-486e13a2",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "339620945348427712212381388545774342412",
                "124167549058306645007988220067075173415",
                "309395507812416031802042378554291166529",
                "16059173172654235410661150339161003337"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/pcre2project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c",
        "deprecated": false,
        "target": {
            "file": "src/pcre2_jit_compile.c"
        },
        "id": "CVE-2022-1586-48cc4103",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "23552422377548235938273787861422704490",
                "309198468026725100566430053289678570367",
                "144930129826622155630856013047779273972",
                "16458643545612116243491192309114094144"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/pcre2project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c",
        "deprecated": false,
        "target": {
            "function": "compile_xclass_matchingpath",
            "file": "src/pcre2_jit_compile.c"
        },
        "id": "CVE-2022-1586-5fa16e9d",
        "signature_version": "v1",
        "digest": {
            "function_hash": "307351967392604966882179120799320127650",
            "length": 19912.0
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/pcre2project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a",
        "deprecated": false,
        "target": {
            "file": "src/pcre2_jit_compile.c"
        },
        "id": "CVE-2022-1586-b26c3441",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "261031969686312999006512549674494490461",
                "168259855099571918664674207254596473730",
                "129755615421991772175711125174276683242",
                "141477962428344099817664558993047106632"
            ],
            "threshold": 0.9
        }
    }
]